HIGHCVE-2026-35506Published 2026-05-13Modified 2026-05-13CNA jpcert

CVE-2026-35506: ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 4

Affected packages

ELECOM CO.,LTD. / WRC-BE72XSD-B
v1.1.1 and earlier
ELECOM CO.,LTD. / WRC-BE72XSD-BA
v1.1.1 and earlier
ELECOM CO.,LTD. / WRC-BE65QSD-B
v1.1.0 and earlier
ELECOM CO.,LTD. / WRC-W702-B
v1.1.0 and earlier

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

elecom.co.jp
jvn.jp

Metrics